| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <990cc950041022070479fb23b6@mail.gmail.com> Date: Fri, 22 Oct 2004 09:04:54 -0500 From: darren windham <elcamino74ss@...il.com> To: m@...er.org Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: Virus/Trojan trying to connect external:445 and 212.175.149.149.6667 Can you verify if you have any connections making it out to that 212.175.149.149 address? It appears to be a host located in Turkey. I may have already pulled the whois info on this host from ripe.net From looking at the contact info for the host is looks like possibly a broadband provider in Turkey. http://www.telekom.gov.tr/ I'd verify you don't have an active connection to an outside host and get that windows host off your network so you do some more research. On Fri, 22 Oct 2004 10:38:59 +0200, Murat Bicer <mbicer@...il.com> wrote: > Hi All, > > I am seeing some network traffic for some windows host trying to > contact random remote hosts port 445 and these hosts also try to > connect 212.175.149.149.6667 > > Is this some kind of an IRC bot/trojan? > > Anybody aware of it? > > We cannot find anything with the virus scanner. > This virus is very chatty, and keeping the network very busy. > > Any suggestions? > > Best, > Murat > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists